VYPR
Vendor

Nagvis

Products
1
CVEs
12
Across products
12
Status
Private

Products

1

Recent CVEs

12
  • CVE-2016-6175CriFeb 7, 2017
    risk 0.68cvss 9.8epss 0.20

    Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header.

  • CVE-2022-46945CriMay 26, 2023
    risk 0.55cvss 9.1epss 0.04

    Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php.

  • CVE-2024-13723HigFeb 4, 2025
    risk 0.47cvss 7.2epss 0.01

    The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.

  • CVE-2024-38866HigMay 27, 2025
    risk 0.42cvss 7.5epss 0.00

    Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection

  • CVE-2021-33178MedOct 14, 2021
    risk 0.42cvss 6.5epss 0.02

    The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system.

  • CVE-2024-47090MedMay 27, 2025
    risk 0.40cvss 6.1epss 0.00

    Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS

  • CVE-2017-6393MedMar 2, 2017
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in NagVis 1.9b12. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "nagvis-master/share/userfiles/gadgets/std_table.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context…

  • CVE-2024-13722MedFeb 4, 2025
    risk 0.35cvss 5.4epss 0.01

    The "NagVis" component within Checkmk is vulnerable to reflected cross-site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be performed on both authenticated and unauthenticated…

  • CVE-2025-39665Dec 3, 2025
    risk 0.00cvss epss 0.00

    User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames.

  • CVE-2024-47093HigDec 19, 2024
    risk 0.00cvss 8.8epss 0.01

    Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS

  • CVE-2023-46287MedOct 20, 2023
    risk 0.00cvss 6.1epss 0.01

    XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php.

  • CVE-2022-3979MedNov 13, 2022
    risk 0.00cvss 5.6epss 0.01

    A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may…